More than 90% of attacks on VPSs happen because of... SSH brute-force attacks. If you still log in to your server with a password, it is as dangerous as leaving your house key hanging on the door.
In this article, I will guide you step by step to escape password brute-force attacks. We will combine... VPS with PuTTY. This tutorial uses the most practical command-line tools to help you raise your SSH security to the highest level.
Why use a key instead of a password?
No matter how complex a password is, it can still be cracked by brute force. Attackers can use tools to try thousands of password combinations per second.
A 4096-bit RSA key, by contrast, would in theory take billions of years to crack. In comparison, a password is a paper door, while a key is an iron door.

Step 1: Generate the SSH key
On Linux or macOS, you can generate a 4096-bit RSA key pair directly:
ssh-keygen -t rsa -b 4096
Press Enter to save to the default path, /root/.ssh/id_rsa.
Enter a passphrase (optional), or just press Enter to leave it empty.
The system will generate two files:
- Private key: id_rsa
- Public key: id_rsa.pub
These are the "key" and the "lock".
Step 2: Configure the public key on the server
Place the public key in the VPS's authorized keys location:
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Make sure the directory /root/.ssh/ exists.
This way, the server will recognize only the public key and will no longer rely on a password.
Step 3: Edit the SSH configuration file
Edit the configuration file:
nano /etc/ssh/sshd_config
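Change the following parameters:
# RSA authentication (SSH protocol 1 only; deprecated since OpenSSH 7.4)
RSAAuthentication yes
# Enable public-key authentication
PubkeyAuthentication yes
# Path of the authorized keys file
AuthorizedKeysFile .ssh/authorized_keys
# Disable password authentication
PasswordAuthentication no
# Disallow empty passwords
PermitEmptyPasswords no
This step is crucial: it disables password login entirely.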
Step 4: Restart the SSH service
Make the configuration take effect immediately:
- CentOS 7:
systemctl restart sshd
- Ubuntu / Debian:
systemctl restart ssh
Confirm that the service is running:
systemctl status sshd
Step 5: Windows users convert the key with PuTTYGen
If you use Windows, you need to convert the private key to PuTTY format:
- Open PuTTYGen
- Click Load and load id_rsa
- Click Save private key and save it as .ppk
- In PuTTY → Connection → SSH → Auth, select this .ppk file
This way, you can log in to your VPS securely using PuTTY.
Step 6: Verify and defend against brute-force attacks
Confirm that the configuration is in effect:
grep "Failed password" /var/log/auth.log
The log will show only the attacker's failed attempts, not successful logins.
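The grep above lists failed attempts but does not show which settings sshd actually applies. The following added example (not part of the original article) audits configuration text for the Step 3 settings, taking into account that sshd keeps the first value it reads for each keyword; the function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. sshd uses the FIRST value it
# reads for a keyword, so an earlier line or Include'd drop-in silently wins.

# effective_value KEYWORD(lowercase) DEFAULT < config-text
# First match, case-insensitive; skips comments; stops at the first Match
# block, because settings inside it are conditional, not global.
effective_value() {
    awk -v want="$1" -v def="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        {
            key = $0; sub(/[ \t=].*$/, "", key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t].*$/, "", val)
            if (tolower(key) == want) { out = tolower(val); found = 1; exit }
        }
        END { print (found ? out : def) }'
}

# audit_sshd < config-text : exit status 0 only if all three settings are safe.
# Each spec is keyword:sshd-default:wanted-value.
audit_sshd() {
    cfg=$(cat); rc=0
    for spec in passwordauthentication:yes:no pubkeyauthentication:yes:yes \
                permitemptypasswords:no:no; do
        key=${spec%%:*}; rest=${spec#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(printf '%s\n' "$cfg" | effective_value "$key" "$def")
        if [ "$got" = "$want" ]; then echo "ok   $key $got"
        else echo "WEAK $key $got (want $want)"; rc=1; fi
    done
    return $rc
}

# Constructed samples. In SHADOWED an earlier "yes" beats the article's "no".
SHADOWED='PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no   # never reached for this keyword
PermitEmptyPasswords no'
HARDENED='PubkeyAuthentication yes
PasswordAuthentication=no
PermitEmptyPasswords no'
MATCH_ONLY='Match User deploy
    PasswordAuthentication no'

printf '%s\n' "$SHADOWED" | audit_sshd || echo "=> password login still enabled"
```

On a live server, run it as root as `sshd -T | audit_sshd`, since `sshd -T` prints the effective configuration with Include files already resolved.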
Additional hardening:
- Pair it with Fail2Ban to automatically block attacking IP addresses
- Change the default port (for example, to 2222)
- Have the firewall allow only trusted IPs
These three measures can thoroughly frustrate an intruder's attempts.
Summary
By following the steps generate the key → configure the public key → edit sshd_config → restart the service → convert the key for PuTTY, your HestiaCP VPS can completely eliminate the risk of password brute-force attacks.
The "Failed password" entries in these logs are only attackers' futile attempts and do not indicate that password authentication is still enabled.
Conclusion: Security is the lifeline of a server.
In the world of information security, passwords are the most vulnerable link. Replacing passwords with keys is not only a technical choice but also a sign of responsibility and wisdom.
As stated in the "Information Security White Paper": "Security is not a cost, but a value."
So take action. Free your VPS from the shackles of passwords, and let attackers' attempts remain forever in the failed-login logs.
We hope the article "How to Deal with SSH Brute-Force Attacks? A Practical Tutorial on Configuring VPS Key Authentication with HestiaCP," shared here by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34161.html
